Static task: static1
Behavioral task: behavioral1
Sample: 147a433ee86463fdc77e2a52f667846c_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 147a433ee86463fdc77e2a52f667846c_JaffaCakes118.exe
Resource: win10v2004-20240419-en
General
Target: 147a433ee86463fdc77e2a52f667846c_JaffaCakes118
Size: 2.4MB
MD5: 147a433ee86463fdc77e2a52f667846c
SHA1: febfe4730f874b3c8c261c8fa1e2474ff79725da
SHA256: 87822196ace45bebd15b543a84e103fb7fb1ceba068e807bb23225f571d86152
SHA512: 6ba6f013915a310dc97565940bd44aebc5e3da481a9edd33c598c76fa2d636f610a0304cc2c157886b6cbdde684e6c92792bfe58a4c2e52ba5c3e22b786b653f
SSDEEP: 12288:lCiqXt2xxdebLIMIvPeTOuxNJuaqr/vdFQnhNMrpU/vNQ6xbqvMXrh+11SObjQOn:lCVyAcMSmSuxqRNsIrq/vfbqUwQu7n
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 147a433ee86463fdc77e2a52f667846c_JaffaCakes118
Files
147a433ee86463fdc77e2a52f667846c_JaffaCakes118.exe windows:5 windows x86 arch:x86
40944bf68c02d0829c4050687915c5f8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mpr
WNetGetUniversalNameW
WNetGetConnectionW
WNetGetResourceInformationW
userenv
ExpandEnvironmentStringsForUserW
wintrust
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminEnumCatalogFromHash
WTHelperGetProvCertFromChain
CryptCATAdminAcquireContext
advapi32
RegEnumKeyExW
RegCreateKeyExW
RegEnumValueW
RegisterTraceGuidsW
GetTraceEnableFlags
kernel32
FlushFileBuffers
LCMapStringW
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CloseHandle
GetCurrentThreadId
HeapFree
GetUserDefaultLCID
InterlockedCompareExchange
InterlockedExchange
CreateProcessW
GetConsoleCP
GetFullPathNameW
MulDiv
GetFileAttributesW
GetACP
FindFirstFileW
WaitForSingleObject
HeapSize
LocalFree
SetStdHandle
GlobalAlloc
GlobalUnlock
VirtualAlloc
VirtualFree
GetCurrentThread
GetModuleHandleW
GetPrivateProfileIntW
FindNextChangeNotification
BindIoCompletionCallback
IsValidCodePage
GetConsoleWindow
HeapReAlloc
HeapAlloc
GetStringTypeW
OutputDebugStringW
RtlUnwind
LoadLibraryExW
LeaveCriticalSection
GetCommandLineW
RaiseException
EncodePointer
GetLastError
SetLastError
CreateFileW
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsProcessorFeaturePresent
IsDebuggerPresent
GetOEMCP
GetCPInfo
EnterCriticalSection
user32
GetCursorPos
SetMenuContextHelpId
EnumPropsExW
LoadCursorFromFileW
FlashWindowEx
GetClassInfoW
GetProcessWindowStation
MonitorFromPoint
DdeQueryNextServer
IsCharUpperW
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 4.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bn38u Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ